I just came across a very cool article with detailed instructions on how to leverage a very simple attack vector to hack many email clients. Using the scenario in the article, the attacker is able to accumulate encrypted emails and store these emails for some time before starting an attack. The only constraint seems to be that the email account is still active and the operator of it uses one of the email clients that have failed to protect cyphertext.
To decrypt one of the emails, he or she manipulates cyphertext using malleability gadgets. Social engineering (K. Mitnick et al) is used to understand basic environmental factors of the target's email client, O/S, encryption software etc. The attacker then transmists the manipulated email to either the original sender or anyone on the CC list. The email uses new headers and the manipulated cyphertext is hidden within an invisible iFrame. The email can basically be transmitted in such a way as to avoid it appearing suspicious. Once the receiver opens the email in his client, the manipulated ciphertext will be decrypted. First, the private key of the victim is used to decrypt the session key, and then this session key is used to decrypt the manipulated cyphertext. The decrypted plaintext is then sent to the attacker by using an exflitration channel (hyperlink, events to trigger it).
The obvious defense is to use only plain text to render your emails or use one of the email clients that did not succumb to this method.
Full article: https://efail.de/efail-attack-paper.pdf
To decrypt one of the emails, he or she manipulates cyphertext using malleability gadgets. Social engineering (K. Mitnick et al) is used to understand basic environmental factors of the target's email client, O/S, encryption software etc. The attacker then transmists the manipulated email to either the original sender or anyone on the CC list. The email uses new headers and the manipulated cyphertext is hidden within an invisible iFrame. The email can basically be transmitted in such a way as to avoid it appearing suspicious. Once the receiver opens the email in his client, the manipulated ciphertext will be decrypted. First, the private key of the victim is used to decrypt the session key, and then this session key is used to decrypt the manipulated cyphertext. The decrypted plaintext is then sent to the attacker by using an exflitration channel (hyperlink, events to trigger it).
The obvious defense is to use only plain text to render your emails or use one of the email clients that did not succumb to this method.
Full article: https://efail.de/efail-attack-paper.pdf
I liked this post.
ReplyDelete